How common are MTU problems?

One of them, my company website was not accessible via Vodafone UK 3G.
The site is hosted on an ADSL-connected FreeBSD server and the ISP is
Andrews and Arnold.

The same website sitting on an identical backup server, where the ISP
is ZEN, worked fine.

That one was solved by dropping the MTU on the router from 1492 to
1442. That exact max value was established by running a ping from a
laptop on a Vodafone 3G WAN connection.

Later, after finding many extremely slow websites at work (A&A), we
dropped the MTU to 1400 and then to 1300 (this value being configured
in the Draytel 2955 router) and it made an instant and dramatic
improvement. But the said websites did always work, eventually. One of
them was the Post Office one (where you type in the daily postage
stuff).

I am now looking at another one which according to the host (a fast
server in Germany and run by a friend of mine) has an MTU of 1500. It
is not accessible over a Thuraya XT GMPRS satellite phone connection
(the client is a Lenovo win8 tablet, connected via USB). The owner
dropped the MTU to 1400 which didn't help but he was of the view that
this is wrong and inefficient and should not be necessary so no more
testing was done. But another version of the server code, running on
the above mentioned 1300-MTU server at my office, works perfectly from
Thuraya. I don't know if there is any relevant config on that win8
tablet - never seen MTU anywhere in Windows and I am sure the
*outgoing* packets in this case are very small.

I have been doing comms (embedded systems) since the 1970s and do know
that smaller packets get through more likely on a noisy line, but
these are very specific values.

Clearly the MTU negotiation is failing somewhere along the line...

The internet is packed with reports of such and such website being
inaccessible, etc...

Advertisements

I am now looking at another one which according to the host (a fast
server in Germany and run by a friend of mine) has an MTU of 1500. It
is not accessible over a Thuraya XT GMPRS satellite phone connection
(the client is a Lenovo win8 tablet, connected via USB). The owner
dropped the MTU to 1400 which didn't help but he was of the view that
this is wrong and inefficient and should not be necessary so no more
testing was done.

Click to expand...

He is of course right.

Which does not mean that everybody else who configures 3G, satellite, or
whatever is right. In fact I suspect that many such systems are not
properly configured.

So take the pragmatic view, that if you have to reduce the MTU to get
certain services to function correctly, then do so.

I can see that your friend in Germany does not want to compromise the
performance of his server. Can he provide a second server running on a
separate host, with an MTU of less than 1400?

I don't know how you would direct traffic arriving from the satellite
phone to the alternate site - perhaps others here can suggest something.

I am now looking at another one which according to the host (a fast
server in Germany and run by a friend of mine) has an MTU of 1500. It
is not accessible over a Thuraya XT GMPRS satellite phone connection
(the client is a Lenovo win8 tablet, connected via USB). The owner
dropped the MTU to 1400 which didn't help but he was of the view that
this is wrong and inefficient and should not be necessary so no more
testing was done.

One of them, my company website was not accessible via Vodafone UK
3G. The site is hosted on an ADSL-connected FreeBSD server and the
ISP is Andrews and Arnold.

The same website sitting on an identical backup server, where the
ISP is ZEN, worked fine.

Click to expand...

Different kit/settings in between the server and the WAN? I am suprised
A&A would mess up where zen didn't. It's possible I suppose that their
suppliers do mess up - I would have thought A&A would like to know this.

That one was solved by dropping the MTU on the router from 1492 to
1442. That exact max value was established by running a ping from a
laptop on a Vodafone 3G WAN connection.

Later, after finding many extremely slow websites at work (A&A), we
dropped the MTU to 1400 and then to 1300 (this value being
configured in the Draytel 2955 router) and it made an instant and
dramatic improvement. But the said websites did always work,
eventually. One of them was the Post Office one (where you type in
the daily postage stuff).

Click to expand...

MTU issues can be perplexing - I am no expert at all and have seen posts
I can't explain, just some thoughts -

"Setting MTU on the router" = ambiguous -

Which interface.

If you set low MTU on LAN interface it's a good way to break/test for
all those sites that don't manage to get ICMP frag needed.

I'll assume you don't do that though

What does the router do - if on wan, does it take a hint and mss clamp
to this (likely).
Does it do it properly! You would hope so but I've historically seen
code that "just sets it" rather than clamping.
Does it take your wan setting and ask ppp to ask for mru that size -
this can hurt, though in theory if it mss clamps to match it should work.

mss clamping affects the size of incoming TCP packets and it's incoming
size that often causes issues, rather than the size of outgoing.

I am now looking at another one which according to the host (a fast
server in Germany and run by a friend of mine) has an MTU of 1500.
It is not accessible over a Thuraya XT GMPRS satellite phone
connection (the client is a Lenovo win8 tablet, connected via USB).
The owner dropped the MTU to 1400 which didn't help but he was of the
view that this is wrong and inefficient and should not be necessary
so no more testing was done. But another version of the server code,
running on the above mentioned 1300-MTU server at my office, works
perfectly from Thuraya. I don't know if there is any relevant config
on that win8 tablet - never seen MTU anywhere in Windows and I am
sure the *outgoing* packets in this case are very small.

Click to expand...

Devices tend to look at the mtu of their local interface and use this to
say in the TCP connection what size (incoming) segment they can take, so
you don't just affect outgoing size by changing MTU. On routers it's
more complicated as they are passing traffic and may or may not adjust
(mss clamp) the tcp maximum segment size.

There are server settings that after failing to send full size packets,
after some timeout start sending smaller ones - this could account for
slow sites.

I have been doing comms (embedded systems) since the 1970s and do
know that smaller packets get through more likely on a noisy line,
but these are very specific values.

Clearly the MTU negotiation is failing somewhere along the line...

Click to expand...

There isn't really such a thing as MTU negotiation - it relies on ICMP
at "run time" and if as some do, servers don't get these due to blocking
then you have an issue with that server. Who blocks may be out of your
control, so setting low is a workaround.

It may also be the case that messing around with the MTU on routers (or
the way they do things anyway) can set you up to hit issues. If for
whatever reason "you" can't take a 1500 IP packet, there is a chance you
will need to send an ICMP frag needed out to a server - which may never
get it.

Using sat/3G no doubt complicates things - if it is they that dictate a
low incoming MTU, then you (your kit) needs to work around it. As I
don't use such things I just don't know how bad or variable
things/networks are.

I've been lucky in that I've always been able to just use 1500 on
ADSL/FTTC and had ISPs where it just works.

I am suprised
A&A would mess up where zen didn't. It's possible I suppose that their
suppliers do mess up - I would have thought A&A would like to know this.

Click to expand...

I told them - they didn't want to discuss it much at the time. Some of
the people there are very helpful and some are the exact opposite,
IME.

MTU issues can be perplexing - I am no expert at all and have seen posts
I can't explain, just some thoughts -

"Setting MTU on the router" = ambiguous -

Which interface.

Click to expand...

The ADSL one.

If you set low MTU on LAN interface it's a good way to break/test for
all those sites that don't manage to get ICMP frag needed.

I'll assume you don't do that though

What does the router do - if on wan, does it take a hint and mss clamp
to this (likely).
Does it do it properly! You would hope so but I've historically seen
code that "just sets it" rather than clamping.
Does it take your wan setting and ask ppp to ask for mru that size -
this can hurt, though in theory if it mss clamps to match it should work.

mss clamping affects the size of incoming TCP packets and it's incoming
size that often causes issues, rather than the size of outgoing.

Click to expand...

That I don't know.

We assumed that setting the MTU in the router to say 1442 limits
outgoing packets to 1442, and attempts to negotiate incoming ones down
to 1442 also.

Devices tend to look at the mtu of their local interface and use this to
say in the TCP connection what size (incoming) segment they can take, so
you don't just affect outgoing size by changing MTU. On routers it's
more complicated as they are passing traffic and may or may not adjust
(mss clamp) the tcp maximum segment size.

There are server settings that after failing to send full size packets,
after some timeout start sending smaller ones - this could account for
slow sites.

Click to expand...

Yes, very likely.

There isn't really such a thing as MTU negotiation - it relies on ICMP
at "run time" and if as some do, servers don't get these due to blocking
then you have an issue with that server. Who blocks may be out of your
control, so setting low is a workaround.

Click to expand...

Sure. I guess somebody may be blocking pings (which is fairly common)
and accidentally blocking everything all ICMP.

It may also be the case that messing around with the MTU on routers (or
the way they do things anyway) can set you up to hit issues. If for
whatever reason "you" can't take a 1500 IP packet, there is a chance you
will need to send an ICMP frag needed out to a server - which may never
get it.
Yes.

Using sat/3G no doubt complicates things - if it is they that dictate a
low incoming MTU, then you (your kit) needs to work around it. As I
don't use such things I just don't know how bad or variable
things/networks are.

Click to expand...

The additional problem with satcomms (especially Thuraya -
geostationary) is the long latency. That breaks a lot of interactive
sites for example.

I've been lucky in that I've always been able to just use 1500 on
ADSL/FTTC and had ISPs where it just works.

Click to expand...

It does seem to work OK on ADSL, in so far as no site is IME totally
inaccessible. But some are just slow.

Welcome to Network Builders!

Welcome to Network Builders where you can ask questions or find answers on anything related to networking, firewalls, hardware and wifi.

Please join our friendly community by clicking the button below - it only takes a few seconds and is totally free. You'll be able to ask questions about IT and Networking or chat with the community and help others.
Ask a Question